Uri Guterman, Head of Product & Marketing for Hanwha Techwin Europe, explains how system integrators can help their end-user clients comply with GDPR by ‘de-identifying’ recorded video.
The General Data Protection Regulation (GDPR) has spurred companies and organisations in all market sectors to address how they record, store and protect customer related data since it came into force a year ago. This is perhaps not surprising as a serious violation of GDPR could be subject to a fine of up to 4% of a company’s annual revenue or EUR 20 million, whichever is higher. In addition, non-compliance with GDPR violation could result in a class action or a civil lawsuit against individuals.
Hanwha Techwin recently asked its country managers across Europe to report on the impact of GDPR in respect of how video surveillance systems are managed and, in particular, to consider which of the following aspects of how video is recorded and stored might be causing end-user clients the most concern in terms of complying with the regulation.
- Right of access
- Storage time limitation
- Data security/password protocols
- Firmware encryption
- Transmission protocols
Despite cultural differences in attitudes across Europe towards GDPR, the issue of de-identification stood out head and shoulders above others, in terms of importance. This is because the Regulation stipulates that any person whose image is captured by a video surveillance system has the right to be supplied with a copy of their personal data which has been recorded. However, the identity of other individuals who feature in the recorded video needs to be protected.
Complying with the right of access might cause owners some inconvenience, but it is not a difficult thing to do. Manufacturers, such as Hanwha Tecwhin offer video recorders and Video Management Software (VMS), which provide a wide range of search facilities to assist operators to quickly locate specific recorded video. These include keyword, calendar and time-slice search and face recognition options.
Protecting the data and de-identification of people in a video clip other than the person requesting access, has until recently seemed a much bigger challenge. However, as is quite often the case, necessity has become the mother of invention, in the form of recently developed video masking software which provides a highly effective method of redacting faces from video in order to comply with GDPR.
With a number of software development companies offering video masking solutions, it would be wise to check your preferred option will not allow exported redacted video to be misused or tampered with. It should therefore offer password protection, the ability to limit the number of views and access times, as well as an automatic destruction option. Some types of video masking software can also be configured to apply a user defined watermark to the exported video file and will enable audio tracks to be removed or edited to further protect a person’s privacy.
It would also be advisable to consider buying video masking software, such as the S-COP application available through Hanwha Techwin, which provides an option to utilise Digital Rights Management (DRM) technology to encode a redacted video so that it can only be viewed by those entitled to do so. Unlike .AVI files which can be viewed by anyone on a PC which has Windows Media Player installed, DRM encoded video can only be viewed via a password protected dedicated video player software.
Looking to the future, there is no doubt that advanced forms of face detection and face recognition software which utilise emerging Deep Learning technology will provide a range of powerful tools to ensure compliance with GDPR, whilst efficiently resolving any privacy issues and potential conflict with the Regulation by using face recognition for security or business intelligence purposes. In the meantime, video masking software provides a readily available, easy to use and affordable option.
Do you have some questions about how GDPR applies to video surveillance systems? Email Uri Guterman at email@example.com